Debian Weekly News - July 19th, 2000

Welcome to Debian Weekly News, a newsletter for the Debian community.

A quick release status update: The release managers are back, and fixed packages are moving into frozen again. We have still not entered the third test cycle. Here is a short list of things that are holding it up.

Security fixes. A remote root exploit in the rpc.statd program from nfs-common was found and fixed this week. This effects potato and woody only, not stable, and an immediate upgrade is recommended. A fix was also released for a remote shell exploit in cvsweb.

The debian-policy list, which has been mostly inactive for a while, is waking back up. A new release of the policy manual might happen sometime soon. The current hot topic is adding new fields to Debian packages, to allow use of third party bug tracking systems, and mark the origin of a package. Few would dispute that such things are increasingly needed as third party Debian packages proliferate, but exactly how they should be implemented is a matter of some debate.

Last week this newsletter ran a brief notice about a proposal to remove libc5 support packages from unstable. The discussion was only beginning then; now people have had a week to object to the idea. Most objections however, do not take into account the fact that removing libc5 support from unstable will not remove existing libc5 packages from their machines, and libc5 support packages will still be available from the debian archives. There were some valid worries though. What if we drop libc5 support and then changes to the linker make the old and unsupported libc5 packages stop working? To address this, we might keep libc5 itself in unstable, but remove all the other libc5 compatibility libraries and development support -- a compromise that seems to satisfy everyone.

The libc5 discussion then expanded into a more general discussion about whether we should "limit upgradability to two major releases back". Recently there have been successful upgrades from Debian 1.3 to frozen, skipping two major releases. This is a fine accomplishment, but making it work does take a lot of effort, and require a significant amount of cruft in the distribution. Would our time be better spent on improving other things? No resolution on this one yet.

New packages in Debian unstable this week include the following:

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.